hxxp://pentagon[.]cy

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
23/03/2025, 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pentagon.cy

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_650261454\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_650261454\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_650261454\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1614558568\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1614558568\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1614558568\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_781519791\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3692_781519791\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133871798331388716"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-869607583-2483572573-2297019986-1000\{07F05B1F-AD19-4866-AF45-5371A4407C5E}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-869607583-2483572573-2297019986-1000\{38A0CF4E-218E-4070-81C9-DA676C0BEC65}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 3968	4136	msedge.exe	87
PID 4136 wrote to memory of 3968	4136	msedge.exe	87
PID 4136 wrote to memory of 3680	4136	msedge.exe	88
PID 4136 wrote to memory of 3680	4136	msedge.exe	88
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 600	4136	msedge.exe	90
PID 4136 wrote to memory of 2412	4136	msedge.exe	89
PID 4136 wrote to memory of 2412	4136	msedge.exe	89
PID 4136 wrote to memory of 2412	4136	msedge.exe	89
PID 4136 wrote to memory of 2412	4136	msedge.exe	89
PID 4136 wrote to memory of 2412	4136	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://pentagon.cy
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2ac,0x7ffe7c77f208,0x7ffe7c77f214,0x7ffe7c77f220
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=276,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2136,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4212,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4288,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=4296 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5316,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=2404 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5320,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3764,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=3876 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3792,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6020,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6020,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5116,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6236,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6524,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6552,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6692,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6704 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6564,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6852,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6096,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6792,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=4428,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6616,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6676,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5356,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6868,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6652,i,15934201018236752599,3961700463034389124,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffe7c77f208,0x7ffe7c77f214,0x7ffe7c77f220
    3⤵
    PID:4408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1752,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2180,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:5020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2384,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=2536 /prefetch:8
    3⤵
    PID:4724
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4436,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8
    3⤵
    PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4436,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8
    3⤵
    PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4424,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:8
    3⤵
    PID:4652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:8
    3⤵
    PID:3880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4452,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:8
    3⤵
    PID:3524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4640,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:8
    3⤵
    PID:4980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4784,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:8
    3⤵
    PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4360,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:8
    3⤵
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4936,i,17152231493192122969,3701505184388848535,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:8
    3⤵
    PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1064

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3692_1614558568\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_650261454\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_781519791\manifest.fingerprint

Filesize
66B

MD5
3fb5233616491df0ec229ba9f42efdb8

SHA1
18a8116e2df9805accd7901d2321c3fa92da1af4

SHA256
946f3a9e019b0d80f5671de782f295132341f663f74aebad7628f22e528d6d52

SHA512
e9b17ac626bf6508db9a686825411e90d316a0f1dacbf63dbec5baaaf6b96af4dbc9a7332975b6d5c16c43757d79fddca6b888ea97bc07a8dffb1b3a06366b4d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3692_781519791\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4facd0ff10154cde70c99baa7df81001

SHA1
65267ea75bcb63edd2905e288d7b96b543708205

SHA256
a13534df0cd0a79a3a1b91085a6d575b47d5a9aad7fc6d712fd2616c0e95a23b

SHA512
ad8d2b965851c0ddc23e92ae151b3b0b2bcda850c446f4278bdb0754d6b42ead8fc034b394749578a27b33ad7e4ab0633f974dfd4773fbe4d93ae477f00b73f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
049e5a246ed025dee243db0ba8e2984c

SHA1
15ec2d2b28dcfc17c1cfb5d0c13482d0706f942d

SHA256
33071ca42c472861a2fabd0f82f8b03ef0daaa6796b24b83f3df02587e4c3d12

SHA512
bc5f6fa6a8cae20ab40eae4552650d75f38ebb158c95288a79d9f332623bb507946513c39d19c00a5aee323df01f0f1a51c54594ef1c293289baf45f4ae2145b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
695a7096180967f369ad33d89f5a5e81

SHA1
1fb7d1c0b4755597b5a633a10767e319ad620395

SHA256
7ed19dde6be176fa7ba06f2fd88f79af797e554255a2ed6a71e0fb18e17bf3e7

SHA512
8e88ef62fe187cea3fc388a163c74b0ea2ff6bc89d35387e9678e879ea9f350f01d5c3eff2b3e318a02f7f92cfa4daf48b594629d900f1c76c9b37751ff41114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8298cef2cf06d38ea44008d3ffefa08e

SHA1
e8664463737b64a3209a36a41fc6633421f06e72

SHA256
fc2101ac6fdc60c20c7a062306e18398e2162c86ff13f7a1dfaa49087c114685

SHA512
7635ff527fabe6a77373923145e90ca7864ec6659e00c719f05af3b91d7648f635149453be4ea0f2d5f1944b5ea4c67ba5d04dfb5868d6a1b176207b1822c0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
1f75964ce3875a0738b3be3541413356

SHA1
39a3abbfe6423dce0790c662981de1835c60a847

SHA256
e9ccef48d1ea53f3cc8383a27dafe4dd5944a1ac180306d4c1423b4dc1f772a0

SHA512
96f76523548468d64e225bd234384147591ac6fdfa927cfabb8fc283bc46532579cb47cd0002056a50df3648779cc95f8077af9e7abc3a4bdcbd3bc897249b9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
6b0617be77290d1458d78456c6c4e247

SHA1
51e4bf7837dcf336fbc041ac1b988dfb4fe5d6d5

SHA256
41d7a3796bb68f1d7c309a1dd35324f6e4b8c24e5cf422a0ddcaa0c424a29ce6

SHA512
011fa6b48b9e227c6deeb9a43fca8cb4c9779023af8a5bcbd4bcac176c8bb6c794fea23196481d7c33ae34de56b4873f04b917838cafc600944be3c26715e28a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
31a4c44c1bd6006b500e50c7fd0e26b3

SHA1
540a9c45691bd9512db325d881a5514fa14f279e

SHA256
e2b8e3986f291e10b172532c33af7c59163e8a4023fe446d96bc56912383e8fb

SHA512
d5bd5855fbb1e1b23c4257b15e22efd375afd8f158c95d8f3b38b58ca1468c7c2fa44b246abf005b9cde41d19cb25c1b5344ca0cee7d783fd23813bf5e07a85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
b30568415036c1e23f3fbd4127dd8874

SHA1
5848a384e69d267c6a4012a2e156c3b9dc8a33c3

SHA256
7827c2f33ac75a7a040abfdc5a2a27bc1c87ed97848c583a1b0fd6ea3f7bd211

SHA512
fafd856bd6c6dc6936103baad9cd96e3e49e582d665c5ea6e2e82784178b606b69d0e5b879928bb43c0bad6f717309c1c4f44a6d89f5db1a8e8286ee5b071332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
33KB

MD5
92d61730eeada66f7c7af90e93ac9648

SHA1
4fc6e2ae5a505c9be73380f1273c3af6fd6c5a67

SHA256
3f3cd898943b026a13346c3259ebd91bf02fe245d5ccd152ce7f544257986865

SHA512
7baca6129755ee0697346fd2b93203cb76714a413f57fcfedb1b57c47f526361ef7c33b3b65c2068636db8dcd548566f18502967d24fb8128137f6ed53f04aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
25KB

MD5
86fe1f534a33e849c4333542b9789e44

SHA1
a6f1e7999e3b61c15ae9c20034e8125afc33a05a

SHA256
0316d48f95f2e9b93408f37b22a49a332a447588dd1119f9ae012a4e77842086

SHA512
8e57d61d3a99be9fbf614ea7fa4cde7a9af72dd20b9f641ea16a396e38c59fd8b57654203cc99e768295f7c24f2f0dd9cc9fd76c0b7d9ba83fef2b051fc8ef0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
50KB

MD5
10834580662426e81688779b549cfbf3

SHA1
fdd62797da2a32ae3063edee8966ac5383e4358f

SHA256
3069761a9e6114364ad1221410c4597cb4470266dcc648eb75bfbb402fd6d68e

SHA512
4b18d33532294baf1a9031c96ae08c163c1f5206b5aec630bb15d388bcc2a47e27b20d36f02885c54d2034611ca7f49e80af57b5597137d9982962428f772555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
29KB

MD5
21c8de3de813f933f27959cd480452ba

SHA1
2f8f04bdf0cd52f3f10c73ec4c0673a1aaaeb832

SHA256
22d13d7262496b0b2507ff8ca8a38538b5fed04f19c288074e63a5fcfaae10e7

SHA512
dc0bf35fd279848c5e374ac562e727b1a0e2c5ec5404811afe9c7a8c06c1535ee7e58602ad134a9995cfe22402a7cdc4241803d263c0e4b2c7a67f0d50c4b4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
80KB

MD5
14e39be019da848a73da7658165674cb

SHA1
e016473c4189a8cc3dbff754a48b3e42d68af25a

SHA256
39595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd

SHA512
828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1d2ca76864f9fd107661fb9fc932e58f

SHA1
d94f431df290076d6a19ccae872c0a0b137d1096

SHA256
01322ae641a6f1fcc89de6a25f7a61cbbac652ed4aaeb8718daa2edc15e355ff

SHA512
586711cd8475f0df154755e51597480292c30ea63ab403148281c1d64b204dafadae74133276dc64adda9f45509fce9df58b0afdc2cb7fbfc6f615065c9158d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5801ff.TMP

Filesize
3KB

MD5
8a8f2b87d3afee21b68d642851b042fd

SHA1
1f7f2c0218e212ae4c4a13e7bf4f4106ba2072cc

SHA256
07bd0082fd514a1965b933039438fdffa0fbf26469827471f9ad5e1ee986b7bb

SHA512
192d25f5f3be259c409e4eaae7080b593bc3c642d886e9d7d1977bf35a6dfef677e9b9d03f21e91f5c485ddfbe06734fb6e60393f194f9fc42a90ececfb9a048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\4bbf0b1a-54d0-4631-a97c-aae5cbdd0993.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Filesize
429B

MD5
5d1d9020ccefd76ca661902e0c229087

SHA1
dcf2aa4a1c626ec7ffd9abd284d29b269d78fcb6

SHA256
b829b0df7e3f2391bfba70090eb4ce2ba6a978ccd665eebf1073849bdd4b8fb9

SHA512
5f6e72720e64a7ac19f191f0179992745d5136d41dcdc13c5c3c2e35a71eb227570bd47c7b376658ef670b75929abeebd8ef470d1e24b595a11d320ec1479e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\verified_contents.json

Filesize
1KB

MD5
738e757b92939b24cdbbd0efc2601315

SHA1
77058cbafa625aafbea867052136c11ad3332143

SHA256
d23b2ba94ba22bbb681e6362ae5870acd8a3280fa9e7241b86a9e12982968947

SHA512
dca3e12dd5a9f1802db6d11b009fce2b787e79b9f730094367c9f26d1d87af1ea072ff5b10888648fb1231dd83475cf45594bb0c9915b655ee363a3127a5ffc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
734f375d7a2beb2262a5c728eeaac86f

SHA1
159d73a186ba1374a942050ced58a18759421ab2

SHA256
b224eb04c54585e041cb5ddd3de6ad429f77b5391b2fc843a8df982b75a05cee

SHA512
e582e89f5494d6dcc698c929a65249b0c64b511023f150cf6726f0e1864d1e323805eec6393fee0eac9b545db49bac0033798ccde778aab3d45c4aa894745db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
a0b9e5237b24ff5b962645c1905b0e39

SHA1
554d4eb8d725cead3a8cd1b52d2efe4f0c86e5eb

SHA256
5b92ce3479dac57f3d689de5f68e26c76f0a3a3e74fd1a154399f9de1ae13109

SHA512
5560e75d8935a4543b16ade9eb0d547b07acb6d11fd11b096d429ddb7bceab4f8cbb17c74162793c2a389f8bfa8c93c073333fd7bc55a6644291fe58a06f1a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
c2048b1458e7fc4206ab119a0db95a8a

SHA1
6ca5343b10fb5082b618b09b0d823b3d3e3519fd

SHA256
a2604b9d6f4d09a931b87fcf794322fce7ae9f4c1206b6bc0a80b70695d52c3f

SHA512
72d5086d389d92495b3632ac9d2c9fed6665f8b85639389fef7d2cba6fedcfc55c6cbfcec11d5beea68051b4072a79e770982e74fcb59b052704c1ae84cd73c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b3b75da476e1ef6975cdb8637b9d41c9

SHA1
e542c7c2f2fc8a1116b5efbcd13ca50f518658ca

SHA256
3895d49a324d21866e9b11751ed5e226ed75a934f89f9f32c7ef386f73574a52

SHA512
f03fef590060063b3e9faecf0a1c539de347186b1ad10d0968a5a6aaaec735cb1631fe1219100d14a0f1cf502880b13ffcd1277f7d8438b6b281889e4098c8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2e96d786c6359b1ade34426412fa19b1

SHA1
082010e39bc4e391fcbbe60a6456860f200a7583

SHA256
1edd493c98dd948f5604e3bb835bf179d188bd42886e109c729960ead1aace1a

SHA512
156814b92f643404e8f66d7f9f8d86325402fea24c57beca6edd5cf1b74c637e1074cd6b6fb94cce6f7b26ab692b135ec165ec4d2ebfbded6f69cd1d36aa0507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
927689a2daf66e3c75d63262fa91c196

SHA1
450ac7bc10549b01a7652ac10c5bc0ba8bb4ca23

SHA256
1e6af9fc26c25aeb19c643cc8b1ad61d2c9ddc23d366a189cfc4a5ec0d96ae4c

SHA512
236df1254ef0fac9c47720f516e218ce98b8b5a61496d1f3cb471d3bd8936325fd159c74fe94e67ae2be0e8d2f4e872a5347889d512fed028a5e3a63958acf86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
da5261d284e3648c7bd46b9942b8f5bb

SHA1
150ef747dcffc519cdcec2c6d1792474868bed18

SHA256
9407ebb3563bab601f201bd7f4449fe218764ffae67f18115f4d335a6791aed1

SHA512
e9aed0b60c3930d0e937c34611c7dfb1ce856dab04115ab83961ecc9081fd1d5de63a0dfd4a8ce5f3dfe34414619e3d7b673032f62e83d6740e9c15c9d473ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
6b7a9b2efaba7ba433e3e7555b28f353

SHA1
d4ab9632e4ecad402d321363b60a8478d8605760

SHA256
d7c45651d5b37ebc3aa49156e4c930d0615e4bbbbc9e0b198ff1759b6e964768

SHA512
a8994b43062254f6f2501a6cbc6183ea92bd2304e4a7f844cd0fe56c474f48257f87d631257a8f31a909fb415875e991746bfc9d106c84f95a6f2ecf1f15f9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
71f425a8c35aab022335f48b2dcce208

SHA1
45d65e1a4980d60bfefcb79cf35678cd0bec6d80

SHA256
9159524fa6d33d57e35b116287da5dec9d09ea77be8cb8686076e172b2e16bd1

SHA512
d3e0f4f05f716620aca71e83c432fb4e53af37024c48e49694c090b2a034b024ed1b5f47a746e21b0f640e522574cf546365c1a806a339860d9a7a8df0ad7373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
ae244cc2266a405415a46c4f083713a7

SHA1
f20d80af22405b049c3edbb897034358018ebbe8

SHA256
b6794958a36869aea1e9fa79be44c0bf2a9533ad2ac3b4097c2322ce555bdea6

SHA512
e2d33c4ded14669424c981a557cfe8bc764902578555cf700395ff5a9600799b8e366917c692a8129aaf73d1057e583d79a5022ea740850c861d8cf7ea2c59d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
aa029ed748a3e0ec1cf85f05bd2df89b

SHA1
74146fc0e3a48eeee7f3a919f6eb0484a43b9540

SHA256
fcce99db329f0da0020cfc0cff2732f305a0e7ecc0c5b04da0292c68a79c2e00

SHA512
c03530f0e65b7a744aad46d1dc4da3232221d0bbae38ad18b80d78fad210f9730fdd3407b98b3da026e0f3abefd9846680e45363f782661c724b75bab185d358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
232B

MD5
12fe4384d98ee3423b2aa3b1ccf3cbdd

SHA1
6831eac24f731c14639ef1ecd9d902920b8d4e19

SHA256
2e6a5550e188f1e1e78dddea8cfdc138a7ea1caec2e519776ea7ca6ed5de1c24

SHA512
67597d465b5d18dfac07f1d406b918ad9c9faae450e38f8792236c3f23a0920ed2002d606b189101f9b939b2efef57835554bcca588543a6acd0ca554bba710d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
1004d5595d9bad921300682dd046b753

SHA1
74dbe76ba8aec9676a75a7847483d6f49c9f5373

SHA256
305feaab97e085a59dfb16c8722a85442323d59eb06ae464fb5c1ff5a7a0be19

SHA512
602f61b4ad8700288ad1ce281302fd6be1ae8c9c4d6a7207e17cc653c97f8cd87e6304a1ef7b7ebd65fc26015f2451652e0e0f80bef11072cc6611b5967b50ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
a62dcd4c2825bc249cc075847dabc6b8

SHA1
4295f49e070a9470db18a5c83511f91ea535c49e

SHA256
9e7330649d148042b66d669155ede88d87c0d9f7ca74d402b46fab61880a05d6

SHA512
026719772a41840ec44f9b2b937c238448b066e1dc93b01166ddf9a97fd0526e820769464fcf2df76018ef83c69c4d181950a2ffa79931c3bfffebed4e2f2075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
29fdb9285afceb8fe4c893f39928ee00

SHA1
f624aed219b70e5cee7ebbab360949776cb27572

SHA256
937fa5e76a01403f2239026a61c5b7cbe2e6196cc537e98276c4f5698b5cbfa5

SHA512
10af36f3a0caef21a96d39d925037d094be0550f3c67eec823f723f7118bc87e9cda00fadd639b386ce5128b20fcb64501fac47ce4f69d8d0d187465568d2262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
6885a7b7ab333364b4dc6d749d78e139

SHA1
6d005daf80a5e16798e1f508352275f185aae8fa

SHA256
4160179cdad1ae782e8eeab4851007a09df6badb3de1fce4d0a6f522af5eda71

SHA512
efd6df4e5fd7437d12b756f95750c09efa38cf850b9d420dfe9f27d8b1515ad9d5cd21a7411bc480483105730304a2fb6c426697755b4236dd3e8cfc64e6317e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
5b2edcc32898b27a1f1227906be7d6a7

SHA1
263519227dd385c541ba669b0c61651974511346

SHA256
3843e40f2b31351a0e9e018fc49bb9a93bbd2c26650a4435d496d34bbf3177d4

SHA512
16400249e2fdbe62eecbdce0de498c60a075ed5e3a82673e6f6642339f363a72c78a2d3bf6b89ca4a395b5ab4084803e55f0e4f8f76fcee2f89e26ff82ed4b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
868B

MD5
b740bb306ec1e0a014efd02d48e66217

SHA1
4104342db1c53a389b7819ecea8e9cccdbe14b75

SHA256
383f7a143a5a1de4511336668144d6eb9190582b2773a872b60928e8328b5364

SHA512
1aaf607a9dc744bf570e6e470ec260821bbdac57edf71e6c0dbad04107f9bab067a2553b7c38f464982a03aae7222e5037525759ff0abbb4a487c2bab99fad2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe58ef1e.TMP

Filesize
463B

MD5
b9514a8eb82a67393405b26b41fa5d9a

SHA1
09b960c71e212d2e0ff611e50efcdedea1910c81

SHA256
93c9b862f1c5b91f63497167130a9138e689e38149eb84ccaf9b4edecde1677d

SHA512
7cfcd63b73d6a83151ed2392897cbfef20a5325d8c44392ec1f0717112621a9233a792f2ba653db49f0a8be8a5d4bab1438a90e252a207c8df425c097c9627d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
21KB

MD5
e4dfd0504387a1ebcc4a48846e44a23e

SHA1
a5a91da421e3d8728ae857694dbeb24ea72b7866

SHA256
d3c39babd9652bcdb02ae17f895437ed85f617cb04f7ba4bbaf7ad7e8ab78cb6

SHA512
94a1d4ab7b18763b55c9246d73feb0ed64a7e506572884a2940696b12910d6ff2a03a0b1aca3e4035a81548633acd437e762e758952ba72dafc97f191e46d419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe58f018.TMP

Filesize
3KB

MD5
c7569efb2fa9fe93c0ea2f0896f54036

SHA1
e231c700b778b624f6065b035e5803fdd8b4db4b

SHA256
2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

SHA512
c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
3f742af76cdada529b073920677a39ad

SHA1
342be71994c765f31b6f0a61c909bdc9a88467c5

SHA256
e7fc8db7f8a7aad0ecdf9ba28a5e41f71d6e5e15539bd3ceb9d1d68945280207

SHA512
c79ba269ef256b8d08c1711f9fc8043e979a1815bc7c0334427b51619c57ec0ebf13240655df8d5c7d5a731ffc38f82c283338dfc88f307c8cb490fcbd1e9361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
49b732e1284b40d34d4569259d287f1d

SHA1
18c05c79f89eaa9d3d5297e830235ebd0814aa1d

SHA256
9a96189cb119a7c8fd7f50ca798e83e407bbf7526b1a8bf521ff901996bee8a7

SHA512
9e6c147300d81193e44b87be399e835e6b8223d209ee4ea4f92483093f4af117435894606e30ad00bd5aad4166c8d932308cec8f5aa6557f024d4f8c48286f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
a436be33388effb0fbba4614c08db14d

SHA1
cd502213a45aca5623c3971c6fda43d7d22e1521

SHA256
c36581cfb4aaeec91bbaacbdf3aa7cd191b342df8bd4239c82408fac8af5c0ad

SHA512
0ed968a8c30c3758a87f92ca099242771af99b14f1f31216dd7c48a141cb7bbf9fcadb2a14cd5b978aa6c1eb49daf5b12d6d872fbbe30a13814a8bd91754def7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
37KB

MD5
38c384f72f54dc40c33ec45d3ec06091

SHA1
d8f80e3ccf57991e4103cc653e32a6491b34cfc0

SHA256
e60aac1ee1d9635f4509307d15507369c4624decef6ea80854fa33cebb5d8500

SHA512
06ca88f4bd6d84d83331a4676c730d08b80c28a0fd89ad81a07af1ad3bcf1115b0ba1943280e7998bea104ee0741c3eed8c24c941abbd7fd2b719a7fbfc791b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
1ece7f457884d9557d37bc33184c2737

SHA1
a5a0e5cbfbe48b4dd9e1bbf4463079436e721b72

SHA256
c7f29b3a8f2fddaa16c3961847214f82ede8222423c99c7e2265e7986c1fb160

SHA512
1569eb4bf840105b708fbc27adbd28fa885a08cd296da4604b52df401acfa3b1913a086a9bdf205567de7182e044265900a64e48ca9056c34506c1a4797224fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
37KB

MD5
404f5add933051a4d0ff81c34ab4bb1f

SHA1
81eb8ce5220b264494f3b748daa62c8b673ba406

SHA256
695afca1d99ba8e0008dcb5f6b152aa98ac4d2a9bae6cb0a8b5ac4f96e4b986a

SHA512
aba874b9176caa45f266afa0cd541394f2d4ae781ef015639bd86028b24ca1c78600a50fc0852aa694a24e8fd97cafa6ae2d7d42babf296420f713a1e72213a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
3965e3f41ec1456998237288b006e34a

SHA1
31ec282fe29b6bf5150f016637ef02c723796ba8

SHA256
eaef781d0c0aeef54a882cb62c452effd8933d13225366ac3b21e6ce2b3e6675

SHA512
11bcfab834d837ab203c575dfe2f695d1b2e171b7edaa3c6d4d5a828f83e23f90165bd8260b3c1893dc4b99e5f2d4811fefd8691e757f26abe71e882b0478157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
d9c9c78e835adbdeb8a95090d96c6057

SHA1
afcef24712f8f6ecbac4801c632d98359f00aa20

SHA256
79c1b2f096ff783a52a9cf06f4cd11459250b7ae4d7f56d2bad81b33bd830674

SHA512
3db036975ac3cfd3a409d34357a00cbaad187146811220884eef92e3170081b8271193d55ba517c7a0c08c90e16c652b6b4ea3c85fc30bf2f6b8b91a198f46f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
ece41eb0c8aef034639f6a89427175c4

SHA1
9381feabf49a06de550b7bb961742148e8164c50

SHA256
ea3336eec411509279d3cc5913128ae2bd8a55108d7ea550494d072ab118fc3d

SHA512
aa676b44cccc6ffb5da5c75ddae54c495908a8bcf7b2ddd6becbc06649e71ef65b0886e146ee757da1f28483126f8a5e34afd528e4435856e9d9c42c650215ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57e01f.TMP

Filesize
392B

MD5
5b6021d0cd29ef507469ec88fff2ffab

SHA1
d74b1a26aeb15ffdbcd0d8b7eba6b268dadd6de4

SHA256
31f2862b5527314b3cae8b95a3375f1736233f6b4523435e9514c2a956e86a84

SHA512
e4dfee4a0601d0206efe427eb98adcc53d4943de71523861e72b365dd1d1af83b364b8f284c2b0fa6b7d501abce7cf1a5b46d724faac2836a30d263d3fc13938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f8d3a8ea2045711c8fc3df43db148afb

SHA1
af5f466060fa2e7cfc51a1fadfae4602824622ec

SHA256
dc32164162a0c3a0b655cfaef66affc6b40e1abb690968e2497d586ace925e23

SHA512
7f63b5808882117f4f5f75ef71eade2299f99cceea44be539f8afc9463ea30d906bf6c5a5183382627425cf14fe117dc0f386fd4c6e42ab19b4702ff8497e8bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
569964d11dada98b3ab7fdef363ca393

SHA1
e5849f6f15684142f18e8b5378e2c489ac8fc27a

SHA256
019fb4aa0b46adeae7eefc05b5b3a280f89d90c2fe63c1e750e1997a62a59283

SHA512
d2fb3e851f13342b0944a88ce56332762baf5078e72a19efff3c71bdd285e72db7c55f5da5edaf425107478e01eccb543a4793adc450497ff3b0f7891bf8d0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2a51204-f435-4b3f-a294-34503f76ab93.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9d34524-5060-47ef-9661-f5ebb4738995.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4136_248608487\453b674a-8f34-49c7-ab11-e1cddfdbfea2.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit